NetSPI
@NetSPI
The Proactive Security Solution | Securing the most trusted brands on Earth #PenetrationTesting #proactivesecurity
New Azure App Services security research by NetSPI's @kfosaaen TL;DR: Users w/ Contributor permissions can extract & decrypt authentication tokens to impersonate other users accessing the application. Read more: ow.ly/vQAO50WuqpU #Azure #CloudSecurity

New Vuln Research: NetSPI Principal Consultant Ceri Coburn exposes how Forescout SecureConnector agents can be hijacked via a named pipe vulnerability (CVE-2025-4660), turning endpoint security tools into attacker-controlled C2 channels. Read more: ow.ly/6hl250WqWrX

NetSPI Security Consultant Mayuri Bochare has published an insightful deep-dive on securing Java Spring applications through code review. 👉 Read the full article: ow.ly/IWfx50WnoVy #proactivesecurity #JavaSecurity #SecureCodeReview

NetSPI Principal Security Consultant Jason Juntunen recently published findings on a Remote Code Execution vulnerability in SailPoint's IQService component. 👉 Read the full technical breakdown: ow.ly/GbT150WmgRg #proactivesecurity #VulnerabilityResearch

New NetSPI research by @kfosaaen reveals Azure Load Testing attack vector via JMeter/Locust configs. Read more: ow.ly/V05Z50Wjmao

Microsoft Defender for Identity vulnerability (CVE-2025-26685) allows unauthenticated attackers to capture Net-NTLM hashes and potentially gain AD access. Security tools can become attack vectors - understanding this risk is crucial: ow.ly/UOc050W8inY

NetSPI's @PANTH13R and Larry Trowell developed RayV Lite—a low-cost laser fault injection tool that makes advanced hardware security testing accessible beyond nation-states using open-source hardware & inexpensive IR-leaking lasers. ➡️ ow.ly/Nqtm50W4fjT

⚡️ Introducing our latest e-book, Continuous Threat Exposure Management (CTEM) For Dummies, NetSPI Special Edition – your ultimate intro to #CTEM! Dive into the world of #proactivesecurity with this comprehensive guide. Get your free copy now ⬇️ ow.ly/Gkem50VZAkS

Read the details on how multiple arbitrary SYSTEM file delete flaws (CVE-2025-23009, CVE-2025-23010) can be exploited for privilege escalation. ✅ SonicWall has patched these issues in NetExtender v10.3.2 ow.ly/UxPT50W0xWA

NetSPI security experts @PANTH13R & Larry Trowell will show how they made advanced hardware attacks possible using everyday lasers & readily available parts at BSides Tokyo. ow.ly/CcHM50VPqzU #BSidesTokyo #TeamNetSPI #Speaker #proactivesecurity

NetSPI just released a new tool, Wopper (WordPress Privilege Escalation Rapidly) - a faster way to execute code during WordPress security assessments. Check out this new blog post by NetSPI Security Consultant II Joe Grassl to learn more: ow.ly/srOC50VEQXC

Microsoft patched critical vulnerabilities (CVE-2025-21299, CVE-2025-29809) in Q1 2025. NetSPI research reveals Kerberos canonicalization bypasses Hyper-V isolation of credentials, compromising Windows security. Read the full article: ow.ly/WcuW50VAOTg

CVE-2025-27590 Oxidized Web: Local File Overwrite is a vulnerability where an attacker w/ access to the /migration page of Oxidized Web v0.14 can overwrite any local file that the ‘oxidized’ user can write to & gain remote code execution on the web server. ow.ly/C1R350VxKLJ

The overall attack surface of Salesforce is often overlooked, and the result could be disastrous for your organization. ow.ly/CYZ350VrvEz NetSPI's Weylon Solis explores authorization issues & common bad practices to avoid. Learn more! #salesforce #proactivesecurity

Beacon Object Files (BOFs) in C2 platforms limit developers. ow.ly/rQ2e50VjZBU Read NetSPI's blog post to explore a reference design for a new BOF portable executable (PE) concept that bridges the gap between modern C++ development and memory-executable C2 integration.

An attacker with access to a Web Help Desk backup file could recover some encrypted passwords stored within it. NetSPI Principal Security Consultant Jamie Riden wrote to tell about it. Check out his latest blog post to learn more: ow.ly/HFZC50VflwC

Cloud environments, ESXi servers, and remote access tools are prime ransomware targets. Join NetSPI's Ben Lister & Maril Vernon on Thurs. 3/13 at 1pm ET as they reveal security gaps attackers exploit & how to protect your business: ow.ly/a8FB50V9lw7

🚀 Speaker Spotlight: Kurtis Shelton 🚀 @Spankasaurass AI vulnerabilities aren’t binary—they exist on a spectrum. Join Kurtis Shelton, Principal AI Security Researcher @NetSPI, at Apres-Cyber Slopes Summit as he breaks down AI security benchmarks, bias detection & red teaming…

How resilient is your AI to adversarial attacks? We’re exploring cutting-edge jailbreaking techniques and invite you to collaborate in advancing testing methodologies for safer AI systems. ow.ly/qJfz50Ux3sa

NetSPI Security Hardware Pentesting Team gives a starting point for those wanting to learn how to decap chips for optical viewing & reversal of integrated controller. Read the article: ow.ly/1hmZ50UGU3M
